Hackers target your holiday shopping with new phishing scam

It’s easy to get fooled by this new and devious holiday-themed phishing attack that offers free prizes. But the old caution that “if it sounds too good to be true, it probably is” holds true in this case.

What makes this trick so effective is the elaborate methods used to conceal its nefarious purpose and to reassure you, the potential victim, that it’s perfectly OK to proceed. This phishing attack has actually been active since September and is ongoing, targeting holiday shoppers seeking special offers.

The attack was identified by Akamai and was recently reported on Scam Watcher, where screenshots were also shared, as noted by Bleeping Computer. The carrot that’s dangled is a free gift that is nice, but not so expensive as to be unbelievable. For example, a Yeti Hopper M20 Backpack Cooler was supposedly offered as an incentive to complete a survey.

For those wary of such gifts, scrolling down a bit reveals fake testimonials from people who have supposedly finished the survey and received their reward with no trouble whatsoever. If you were tempted by the gift, this might give you enough reassurance to proceed. There’s one more chance to back out, however.

To receive the free gift, you have to supply your mailing address, which is valuable to scammers. Then there’s the issue of shipping. Since the gift is free, you might not mind paying for shipping. All of this information is easy to enter with your iPhone or Android phone using autofill, and it takes seconds to complete the process, which is nothing compared to the time you’ve already sunk into checking out the freebie, reading testimonials, and taking the survey.

[Image: an example of a prize giveaway phishing scam. Credit: Scam Watcher]

The technical details of this phishing scam are complex. The attack redirects through multiple websites and uses unique website addresses each time, making it difficult to trace back to the perpetrator and shut it down. The best thing for you to do is to use caution and to be very skeptical of these free offers. It’s probably not worth the risk of identity theft, not to mention the financial cost.
